cvedb.io
CVE-2016-9498
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2018-07-13T20:29:01.940 · Last modified 2026-06-17T00:56:10.620

Summary

ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as well as the operating system. As Application Manager's RMI registry is running with privileges of system administrator, by exploiting this vulnerability an attacker gains highest privileges on the underlying operating system.

Affected products

zohocorp — manageengine_applications_manager

Does this affect you?

Add your gear to cvedb and we'll alert you only when zohocorp ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.